ACL2 stands for ``A Computational Logic for Applicative Common Lisp'' but our
research group is interested in all aspects of mechanized theorem proving and
in the mechanized verification of hardware and software.

For the remainder of spring semester 2015, ACL2 seminars will generally take place
one hour earlier than usual — namely, on Tuesdays 9:00 am - 10:45 am — in room
GDC 7.808 (University of Texas at Austin). This page lists meetings back to the
start of the 2002-2003 academic year.

Cuong Chau will talk: "Mechanized Proof of the Orthogonality
Relations of the Trigonometric Functions in ACL2(r) Using Non-Standard
Analysis". [Abstract] [Slides]

General roundtable. Note: There will be an extra meeting on 2/3. Matt Kaufmann
will give an informal introduction to ACL2(r) and non-standard
analysis from 4:00 till about 5:30, as background for next week's
talk. [Talk materials]

Matt Kaufmann will talk about the ACL2 "toothbrush" capability,
for creating ACL2 applications with a small-ish memory
footprint. [Abstract] [Talk notes]

General roundtable

Shilpi Goel will talk: "Simulation and Formal Verification of x86 Machine-Code
Programs that make System Calls." [Abstract] [Slides (pdf)]
After Shilpi's talk there will be an extended group discussion about
progress towards booting FreeBSD on the x86 model. Shilpi might also
go over the new model in some detail, in particular talking a bit
about the new style.

J Moore will talk: "Some Ideas about Managing State in Code Proofs". [Abstract]

Warren Hunt will give a preliminary version of a talk he plans to
present later this month at a DARPA PI meeting: "Verification and
Analysis Tools for X86 Binary Programs".
Before Warren's presentation, there will be brief discussions of using
git and/or magit for ACL2 book development by Matt Kaufmann and Nathan
Wetzler, respectively.
Matt's new :doc topic: git-quick-start. Improvements would be welcome!

Nathan Wetzler will present a short talk for his SAT 2014 Tool Paper
entitled "DRAT-trim: Efficient Checking and Trimming Using Expressive
Clausal Proofs" (joint work with Marijn Heule and Warren Hunt,
Jr.).
[Abstract]

We'll start with a brief general roundtable, until about 10:30.
Then, Nathan Wetzler will discuss a utility (joint work with Matt
Kaufmann), remove-hyps, for automatically removing unnecessary hypotheses
from a defthm event. He will also discuss its implementation, as a way to
introduce the use of make-event for writing utilities.
[Slides (in plain text)] [Example]

We'll start with a short demo by Matt Kaufmann of the new
Emacs-based ACL2-Doc browsing tool. Next we'll have a general
roundtable. If time remains, Matt will go through some of the
ACL2 features discussed in the documentation topic, ADVANCED-FEATURES.

Soumava Ghosh will discuss his work on modeling system calls for the
Y86 model. Then, Matt Kaufmann will discuss how to model the
nondeterminism inherent in these system calls.
Here are the links to the slides (original Powerpoint, and PDF format) for Soumava's half of the talk:
[Powerpoint] [PDF].
Here are links to materials for Matt's half of the talk:

After a short general roundtable, Shilpi Goel will give an RPE talk:
"A Formal Model of the X86 ISA for Binary Program Verification". [Abstract] [Slides]

Matt Kaufmann will talk about a new ACL2 feature: nested
stobjs, that is, stobjs having fields that are stobjs (or
arrays of stobjs). This will be an informal talk that briefly
reviews single-threaded objects (stobjs), and then introduces nested
stobjs using demos. As time allows there may be discussion of
implementation issues and possible extensions.
Questions will be strongly encouraged! [Index into supporting materials]

UT group meets at 3:30 to prepare for DARPA visit.

General roundtable. Note that we will meet from 4:00 to 5:00 or 5:15.

Ben Delaware will present his PhD proposal:
"Feature Modularity in Mechanized Reasoning". NOTE: This will start at 3:00
pm, which is an hour earlier than our normal start time, but in the
normal place, GDC 7.808. [Abstract]

Shankar, visiting from SRI, will talk on
"Programming and Proving with PVS". NOTE: We'll meet in our new digs on 7th Floor South
of the new Gates/Dell Complex (GDC). [Abstract]
Note: Shankar will also give a CS colloquium the same day,
11:00am-12:00pm, ACE 2.302.

General roundtable.

Robert Krug will talk about his work modeling the x86 processor.
The talk will include some details of his modeling effort, but will
focus on what he wants from such a model and what he hopes
to use it for.

General roundtable

NOTE ONE-TIME ONLY TIME CHANGE: 3:00pm - 4:15pm. Nirav Dave and
Jonathan Woodruff, of the SRI/Cambridge (UK) team from the DARPA CRASH
program, will give an overview of their project, discussing their
hardware/software co-design approach and Bluespec verification
work.

Ian Wehrman will talk on his work toward a program logic for local
reasoning about racy concurrent programs executing on a weak,
x86-like memory model. [Abstract] [Corresponding paper]

General roundtable

Roy McCasland from Edinburgh will spend 15 or 20 minutes bringing
us up to date on his work. Then Matt Kaufmann will discuss some
topics left over from last week (but will try
to make the talk reasonably self-contained), including the use of two
certification runs to avoid trust tags and probably touching on
make-event and defattach.

(Tuesday) Peter Sewell (Univ. of Cambridge) will talk from about 12:30
till 2:00. Note the unusual time and day. See: [Abstract]

General roundtable, and discussion of future meetings

Dave Greve (visiting from Rockwell Collins) will give a talk
entitled "Efficient Type Reasoning in ACL2".
He will describe some of the challenges of compositional type
reasoning and propose a structured approach for reasoning
about conjunctive, disjunctive and structural types.

Anna Slobodova will discuss her use of ACL2 in verifying an integer
multiplier at Centaur.

Roy McCasland will be visiting from the University of
Edinburgh, and will give a talk entitled "Automated Theorem
Discovery". [Abstract]

General roundtable

J Moore will solicit feedback on some tutorial materials about The Method.
Here is a pre-release of the tutorial (which is part of the current
development snapshot of the ACL2 documentation); please send comments to J Moore.

Rob Sumners will give an overview of his KAS rewriter, discussing some applications
and the ongoing effort to prove it sound. Slides [pdf]

In addition to a brief general roundtable, Sol Swords will demo some
utilities developed by him and Jared Davis. Slides [pdf] [Demo Script]

Robert Krug will talk about verifying simple routing protocols.
Lessons will be drawn from earlier work, but this talk will focus
on a plan of attack for work over the semester break. Feedback
on this plan will be appreciated. Paths, routes, validity, and
visibility will all be formally defined. Dijkstra's algorithm,
link-state protocols, and distance vector protocols will all be discussed.

Mark Reitblatt will talk about joint work with Matt Kaufmann and
Jacob Kornerup on: ``Formal Verification of LabVIEW Programs Using
the ACL2 Theorem Prover.'' [Abstract] [Slides]

Warren Hunt and Sandip Ray will provide an overview of
some recent work on the use of ACL2 in analog/mixed-signal and
post-silicon verification. The presentation is two parts: an
introduction to post-silicon verification and a practice for the
talk that they are going to give at the SRC verification review on
April 15.

General roundtable. Also, J Moore will talk for about 20 minutes
on his experiences in the 70s with space flight software, and David
Rager will talk for up to 10 minutes about his experience at the Lisp
conference from which he recently returned.

No meeting (Spring break)

We'll start with a general roundtable of about a half hour, to get
a short update on what each person has been doing. Then Warren Hunt
will talk about ACL2h, the HONS/memoization/fast-alist extension to
ACL2. If there is extra time he may talk a bit on the topic of
post-silicon verification. [Slides]

Jared Davis will discuss his Verilog translator written in ACL2h. [Abstract]

Sol Swords will talk about GL, a framework for proving ACL2
theorems using BDD-based symbolic simulation. [Abstract] [Slides] [Demo]

Robert Krug will present a formally verified statement of the
correctness of Centaur's floating point addition unit with
respect to the IEEE specification. If time permits, he will
also talk about some of the changes to the arithmetic-4 books
suggested by this work.

Jared Davis will talk about his recent improvements to Boyer and
Hunt's ubdd package. [Abstract] [Slides]

Robert Krug will give a high-level introductory talk, without ACL2
code, on the notion of hypervisor and how we might verify one, using
an example (secVisor).

Byron Cook of Microsoft Research (Cambridge, UK) will discuss his
tool, Terminator, which automatically proves termination and other
liveness properties of many industrial programs, in particular that
device drivers do not hang the Windows operating system. He will
describe how things work in the guts of the system, and he will be
happy to take questions.
NOTE! It is recommended that you attend the
UT CS colloquium earlier that day also by Byron Cook, 11am to noon, ACES
2.402, title: "Proving That Software Eventually Does Something Good".

Extended roundtable

Extended roundtable

J Moore will talk about Paco, a highly slimmed-down version of ACL2.

Sol Swords will give a broad overview of the ACL2-based
toolflow being used to verify Centaur's floating-point addition unit.
He'll also talk about how they split up the problem into tractable chunks,
and if there's time, the strategies used to try to avoid BDD
blowups while building the output BDDs of the model. [Slides]

Erik Reeber will talk about his SULFA tool, for verifying
and generating counterexamples for a certain class of formulas, and will
demonstrate with examples. [Abstract] [Notes]

Extended roundtable

Jared Davis dissertation proposal, title: A trustworthy, extensible theorem prover.
All seminar attendees are invited to attend -- this time (only) in the faculty
lounge, Taylor 3.128, at the usual time (4:00 pm).

Extended roundtable.

Extended roundtable.

Sandip Ray will talk about three strategies for deductive
verification of deterministic sequential programs, along with their ACL2 proofs of
completeness and soundness, highlighting the importance of quantification. [Abstract] [Slides]

Sol Swords will continue last week's talk, about his implementation of Bryant's transistor-level
circuit analysis method in ACL2. [Abstract]
Slides [PDF] [ODP]

Jared Davis will talk about his use of tactics and tracing to port ACL2
proofs into Milawa, his proof checker for an ACL2-like logic with a small,
trusted core. [Abstract]
Slides [PDF] [ODP {includes notes}]

Robert Krug will continue last week's talk, by talking about the arithmetic
library he has been developing.

Robert Krug will talk about his recent work on an improved ACL2 arithmetic
library and a couple of patches submitted for ACL2. [Abstract]

Dave Greve, visiting from Rockwell Collins, will give an overview of
the certification of Rockwell Collins' AAMP7
and the Green Hills Integrity 178b Operating System, and will discuss
associated theorems and challenges. [Abstract]

A roundtable will probably be followed by a code walk on some aspect(s) of
ACL2, led by J Moore. [Abstract]

Julien Schmaltz, visiting from the Verisoft project, will talk on "Asynchronous
Communications at the Gate Level: An Isabelle Theory by an ACL2 User". [Abstract]

Qiang Zhang will review the paper "Verifying a Signature Architecture -- A
Comparative Case Study" by David Basin et al., which reports on a case study in
applying different formal methods, e.g. HOL-Z and PROMELA/Spin, and highlights
that theorem proving may be neither substantially more time-consuming nor more
complex than model checking. [Abstract]

Erik Reeber will be presenting the paper he and Warren Hunt wrote on the DE2
language, practicing for his presentation at CHARME next week. [Abstract]

Sol Swords and William Cook will continue last week's talk.

Sol Swords and William Cook will talk about their ACL2 work on the POPLMark
challenge to create a system for machine-checked proofs of theorems about
programming languages (subtyping and soundness for polymorphic lambda-calculi);
see http://www.cis.upenn.edu/group/proj/plclub/mmm/.
They will also discuss some macros for ACL2 based on ideas from Haskell.

Extended roundtable

Gary Byers, the leader of the OpenMCL project, will give a presentation
about OpenMCL. This note will probably be updated later, but at this point it
seems that the presentation will discuss (at least) the OpenMCL compiler,
possible future directions for the OpenMCL project, and OpenMCL support for
parallel execution. Slides [PDF]

Roundtable at the usual time and place (4pm, ACES 6.442) will be followed by:
"The Future of Computing", Dirk Meyer, Executive VP of AMD's Computation
Products Group, 5:00 p.m., ACES 2.302. [Abstract]

Carlos will describe a technique that helps a test engineer select,
from a large set of randomly-generated candidate test inputs, a small
subset likely to reveal faults in the software under test. [Abstract]

Robert will give a short presentation on ``The Limits of Mathematics,'' based
on G. J. Chaitin's book of the same name. [Abstract]

"Abettor Interfacing System for ACL2." Jared will be presenting his work on
extending the ACL2 user interface. Abettor is a client/server framework for
simultaneously connecting multiple external tools to an ACL2 session. [Abstract]

Rob will give an example-driven talk about some work that he and Sandip Ray
have been doing in "automating" the proof of invariants for certain types of
system definitions in ACL2. [Abstract]
Slides [PS] [PDF]

Ruben will talk about ACL2(r), which is his modification of ACL2 to support
reasoning about real numbers through non-standard analysis. After a suitable
introduction, the bulk of the talk will be devoted to the correctness of
ACL2(r). [Abstract]

Vinod will talk about sequential simplification of hardware circuits. [Abstract]

Julien will talk about modeling and verification of Ethernet protocols in ACL2. [Abstract]

Bill will talk about cryptographic protocols and some
approaches toward proving them correct. This will focus on the work
of Larry Paulson from Cambridge and his use of the Isabelle system to
prove properties of protocols inductively.

Bill will continue last week's talk about modeling security policies in ACL2. [Abstract]

Change of room this time only to 5.116. Anna will talk about verification of the floating point unit of the
next generation Itanium (R) processor. This will be a dry run for her
presentation in DCC'2004. [Abstract]

Robert will talk about staged simplification.
Robert says:

I will talk briefly about staged
simplification. Several years ago Pete Manolios and J
introduced the notion of stable-under-simplificationp to control
rewriting expressions involving a large and detailed machine.
Since then, I have found that there is great benefit to be
derived by enabling (and subsequently disabling) nonlinear
arithmetic under similar control. Both of these are related
to the common strategy of examining a failed proof and giving
hints at the ``checkpoints''.

Hanbing will give a talk based on his paper with J Moore,
"Executable JVM Model for Analytical Reasoning: A Study". [Abstract] [The paper (PS)]

"Dealing With Prover Heuristics in ACL2: A Case Study". [Talk notes]
NOTE: This will be a short talk. Most of the meeting will consist of an
extended round-table discussion, perhaps with a focus on upcoming summer
projects.

[Qiang will talk on his work on compiler verification.]

No seminar, but people are encouraged to attend the following colloquium talk:
TAY 3.128, 4:00 pm (coffee at 3:30)
Steven M. German, IBM T.J. Watson Research Center
Experiences in Formal Design and Verification of Cache Memory

12/04/02, Bill Young: Review of "Transformation-Oriented Programming:
A Development Methodology for High Assurance Software"
by Victor Winter, Steve Roach, Greg Wickstrom.
[J asked Bill to look at this to assess whether ACL2 could somehow be used
in this context.]

11/20/02, Shant Harutunian: Continuation of preceding week's talk (Note: slides have been further updated.)